SharePoint Permission for guest users through security groups

David_Elsner · ‎Jan 14 2022

I noticed something strange in SharePoint Online and would like to get your confirmation for this behaviour or your comment if I am doing anything wrong.

We have many guest users in our organisation and some of them need access to SharePoint. This access can be given if I add those users in the library settings explicitly:

- The site has guest sharing enabled
- The guests are already added in our AD (existing guest users)
- The library has unique permissions

This works as expected and guests can access.

But if I add those guest users to an AAD security group (not a SharePoint group) and add the group in this list, they always get this screen here:

This is an issue, because we are using security groups in many libraries and adding users manually is a huge pain... do you have any suggestions?
Are guest users from security groups not synced in the corresponding SharePoint groups?

brannanholland · ‎Feb 01 2022

@David_Elsner I am running into the same issues now. Were you able to find a solution?

David_Elsner · ‎Feb 02 2022

No, I could not find a solution.. maybe just not supported to allow external users access via groups :(

edgepharos · ‎Apr 19 2022

Do you add the AAD group inside an existing sharepoint group or directly in root site permissions? This procedure you are describing we're using a lot since we also use dynamic group membership to populate those guest accounts and then add those dynamic groups to sharepoint. So from what I can understand this should work as you want.

David_Elsner · ‎Jun 23 2022

Sorry for the late reply. I didn't see the notification.
I am adding the AAD group in the site visitors group.
The site visitors group is a SharePoint group, but I do not use dynamic groups.

However, an external user does not get access to the site through a group. Only throug a direct user assignement. Any further idea? That is an important issue for us...

David_Elsner · ‎Jun 23 2022

Also: When I "check permission" I receive none as a result :(

edgepharos · ‎Jun 24 2022

@David_Elsner this is indeed pretty strange yes. I cannot understand why it is like this. As I use this for multiple hundreds of users in dynamic groups but that shouldn’t matter.

testing some things to clarify

- if you add a tenant user in the same aad group do you see in check access that the user receives the sp group access? To verify internal users work

- if you have a teams group with internal and external guest users can you add that team aad group to sharepoint and see if you check access and get info about the normal and guest users then?

depending on the above results one can investigate further. Are you a tenant admin or at least site collection admin on that site?

David_Elsner · ‎Jun 24 2022

Thanks for your reply.

- Yes internal users work instantly. Also the check permission does what it should.
- Yes, Microsoft 365 groups (thats what you mean by "teams group", right?) also work as intended.

So: Only normal Security groups have this issue.

I am a global admin ;)

SharePoint Permission for guest users through security groups

SharePoint Permission for guest users through security groups

Re: SharePoint Permission for guest users through security groups

Re: SharePoint Permission for guest users through security groups

Re: SharePoint Permission for guest users through security groups

Re: SharePoint Permission for guest users through security groups

Re: SharePoint Permission for guest users through security groups

Re: SharePoint Permission for guest users through security groups

Re: SharePoint Permission for guest users through security groups

Products (64)

Special Topics (44)

Video Hub (976)

Most Active Hubs

Most Active Hubs

Video Hub

SharePoint Permission for guest users through security groups